Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-305
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome versions antérieures à 53.0.2785.113 pour Windows, Mac, et Linux
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 53.0.2785.113 pour Windows, Mac, et Linux\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5174"
},
{
"name": "CVE-2016-5171",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5171"
},
{
"name": "CVE-2016-5175",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5175"
},
{
"name": "CVE-2016-5172",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5172"
},
{
"name": "CVE-2016-5170",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5170"
},
{
"name": "CVE-2016-5173",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5173"
}
],
"initial_release_date": "2016-09-14T00:00:00",
"last_revision_date": "2016-09-14T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-305",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 13 septembre 2016",
"url": "https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CVE-2016-5171 (GCVE-0-2016-5171)
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/643357"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2306023002"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/643357"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2306023002"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/643357",
"refsource": "CONFIRM",
"url": "https://crbug.com/643357"
},
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://codereview.chromium.org/2306023002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2306023002"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5171",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5174 (GCVE-0-2016-5174)
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/579934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2053343003"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/579934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2053343003"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://crbug.com/579934",
"refsource": "CONFIRM",
"url": "https://crbug.com/579934"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://codereview.chromium.org/2053343003",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2053343003"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5174",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5173 (GCVE-0-2016-5173)
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1840453002"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/468931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/497507"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/471523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1840453002"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/468931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/497507"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/471523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "https://codereview.chromium.org/1840453002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1840453002"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://crbug.com/468931",
"refsource": "CONFIRM",
"url": "https://crbug.com/468931"
},
{
"name": "https://crbug.com/497507",
"refsource": "MISC",
"url": "https://crbug.com/497507"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://crbug.com/471523",
"refsource": "MISC",
"url": "https://crbug.com/471523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5173",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5170 (GCVE-0-2016-5170)
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/641101"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2332003002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/641101"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2332003002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "https://crbug.com/641101",
"refsource": "CONFIRM",
"url": "https://crbug.com/641101"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://codereview.chromium.org/2332003002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2332003002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5170",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5172 (GCVE-0-2016-5172)
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/616386"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2077283004"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/616386"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2077283004"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/616386",
"refsource": "CONFIRM",
"url": "https://crbug.com/616386"
},
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://codereview.chromium.org/2077283004",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2077283004"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5172",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5175 (GCVE-0-2016-5175)
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/619217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/646394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/638166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/619217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/646394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/638166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://crbug.com/619217",
"refsource": "CONFIRM",
"url": "https://crbug.com/619217"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://crbug.com/646394",
"refsource": "CONFIRM",
"url": "https://crbug.com/646394"
},
{
"name": "https://crbug.com/638166",
"refsource": "CONFIRM",
"url": "https://crbug.com/638166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5175",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…